This policy outlines the Commonwealth Scientific and Industrial Research Organisation’s (CSIRO’s) expectations and principles for the management of risk across our organisation. It applies to all employees and contractors who are employed by CSIRO.
This policy requires that CSIRO teams apply risk management across all business activities to support the achievement of CSIRO’s strategic and operating objectives. I firmly believe in and endorse the following statements that inform the way in which risk management should be applied at CSIRO.
- The identification and management of risk is central to delivering the functions of CSIRO and benefits to Australia. This includes understanding scientific, financial, commercial and legal, health & safety, environmental, and reputational risks.
- Effective management of risk is vital to successfully capturing the opportunities created through scientific research and delivering on our purpose as an Organisation.
- Effective and appropriate risk management practices should be designed to assist CSIRO staff to achieve the Organisation’s objectives, and to contribute to the continuous improvement of the Organisation.
- Risks faced by CSIRO should be managed on an enterprise basis. The management of risk is the responsibility of all managers and staff.
- We will maintain a consistent framework for identifying, assessing, ranking and managing risks and capturing opportunities.
- Risk controls will be put in place to manage these risks to an acceptable level. These controls will be regularly reviewed for their effectiveness and improved where necessary.
- Risk management performance will be monitored, evaluated and reported.
- By actively identifying and managing risks we aim to increase our effectiveness as an organisation and provide greater certainty and confidence for the Government, staff members, collaborators, partners, and other stakeholders in the community about CSIRO’s operations.
CSIRO endorses the following risk management principles to inform the way in which risk management is applied across CSIRO.
- Everyone at CSIRO is responsible for the effective management of risk.
- Risk management creates and protects value, and is an essential element of the overall governance of CSIRO.
- Risk management will be applied on a consistent and systematic basis in all teams.
- Risk management is adequately resourced.
- CSIRO will ensure that all employees have necessary training, skills and assistance to undertake effective risk management.
- Risk management uses the best available information to regularly monitor and report on the status of risk faced.
- Risk management is dynamic, iterative and responsive to change.
- The CSIRO approach to risk management is based on the process outlined in ISO 31000:2009, Risk management – principles and guidelines, the Commonwealth Risk Management Policy and the PGPA Act Framework.
- Our Annual Performance and Investment Review (APIR) process aligns business risk activities to help achieve our rolling strategy, by requiring a risk-based discussion and documenting risks in areas of operation necessary to achieve Business Unit and, by extension, strategic goals.